caojiahao/dev_caojiahao
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 用户被禁用、店铺被禁用、管理员被禁用,token未被清除问题处理。

Browse Source
This commit is contained in:
Chopper711 2023-04-19 12:08:47 +08:00
parent 1f21d80dc0
commit 7b6a150bd2
13 changed files with 122 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
buyer-api/src/main/java/cn/lili/security/BuyerAuthenticationFilter.java
View File

@ -99,7 +99,7 @@ public class BuyerAuthenticationFilter extends BasicAuthenticationFilter {
AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
//校验redis中是否有权限
if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER) + jwt)) {
if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER,authUser.getId()) + jwt)) {
//构造返回信息
List<GrantedAuthority> auths = new ArrayList<>();
auths.add(new SimpleGrantedAuthority("ROLE_" + authUser.getRole().name()));

3
consumer/src/main/java/cn/lili/timetask/handler/impl/statistics/OnlineMemberStatistics.java
View File

@ -72,7 +72,8 @@ public class OnlineMemberStatistics implements EveryHourExecute {
calendar.set(Calendar.MINUTE, 0);
calendar.set(Calendar.SECOND, 0);
calendar.set(Calendar.MILLISECOND, 0);
onlineMemberVOS.add(new OnlineMemberVO(calendar.getTime(), cache.keys(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER) + "*").size(), lastNum.get()));
onlineMemberVOS.add(new OnlineMemberVO(calendar.getTime(), cache.keys(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER) + "*").size(),
lastNum.get()));
//写入缓存
cache.put(CachePrefix.ONLINE_MEMBER.getPrefix(), onlineMemberVOS);

12
framework/src/main/java/cn/lili/cache/CachePrefix.java vendored
View File

@ -555,4 +555,16 @@ public enum CachePrefix {
public String getPrefix(UserEnums user) {
return "{" + this.name() + "_" + user.name() + "}_";
}
/**
* 获取缓存key值 + 用户端 +自定义前缀
* 例如三端都有用户体系需要分别登录如果用户名一致则redis中的权限可能会冲突出错
*
* @param user 角色
* @param customPrefix 自定义前缀
* @return 缓存key值
*/
public String getPrefix(UserEnums user, String customPrefix) {
return "{" + this.name() + "_" + user.name() + "}_" + customPrefix + "_";
}
}

2
framework/src/main/java/cn/lili/common/security/context/UserContext.java
View File

@ -65,7 +65,7 @@ public class UserContext {
AuthUser authUser = getAuthUser(accessToken);
assert authUser != null;
if (!cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole()) + accessToken)) {
if (!cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole(), authUser.getId()) + accessToken)) {
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
}
return authUser;

13
framework/src/main/java/cn/lili/common/security/token/TokenUtil.java
View File

@ -42,13 +42,13 @@ public class TokenUtil {
//访问token
String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime());
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole()) + accessToken, 1,
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole(), authUser.getId()) + accessToken, 1,
tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
//刷新token生成策略如果是长时间有效的token用于app则默认15天有效期刷新token如果是普通用户登录则刷新token为普通token2倍数
Long expireTime = authUser.getLongTerm() ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2;
String refreshToken = createToken(authUser, expireTime);
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(authUser.getRole()) + refreshToken, 1, expireTime, TimeUnit.MINUTES);
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(authUser.getRole(), authUser.getId()) + refreshToken, 1, expireTime, TimeUnit.MINUTES);
token.setAccessToken(accessToken);
token.setRefreshToken(refreshToken);
@ -85,11 +85,12 @@ public class TokenUtil {
//如果缓存中有刷新token &&
if (cache.hasKey(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + oldRefreshToken)) {
if (cache.hasKey(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()) + oldRefreshToken)) {
Token token = new Token();
//访问token
String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime());
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1, tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums, authUser.getId()) + accessToken, 1, tokenProperties.getTokenExpireTime(),
TimeUnit.MINUTES);
//如果是信任登录设备则刷新token长度继续延长
Long expirationTime = tokenProperties.getTokenExpireTime() * 2;
@ -101,10 +102,10 @@ public class TokenUtil {
//刷新token生成策略如果是长时间有效的token用于app则默认15天有效期刷新token如果是普通用户登录则刷新token为普通token2倍数
String refreshToken = createToken(authUser, expirationTime);
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expirationTime, TimeUnit.MINUTES);
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()) + refreshToken, 1, expirationTime, TimeUnit.MINUTES);
token.setAccessToken(accessToken);
token.setRefreshToken(refreshToken);
cache.remove(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + oldRefreshToken);
cache.remove(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()) + oldRefreshToken);
return token;
} else {
throw new ServiceException(ResultCode.USER_AUTH_EXPIRED);

10
framework/src/main/java/cn/lili/modules/member/service/MemberService.java
View File

@ -11,11 +11,10 @@ import cn.lili.modules.member.entity.dto.MemberAddDTO;
import cn.lili.modules.member.entity.dto.MemberEditDTO;
import cn.lili.modules.member.entity.vo.MemberSearchVO;
import cn.lili.modules.member.entity.vo.MemberVO;
import cn.lili.modules.member.entity.vo.QRLoginResultVo;
import cn.lili.modules.member.entity.vo.QRCodeLoginSessionVo;
import cn.lili.modules.member.entity.vo.QRLoginResultVo;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.service.IService;
import org.elasticsearch.monitor.os.OsStats;
import java.util.List;
import java.util.Map;
@ -260,6 +259,13 @@ public interface MemberService extends IService<Member> {
*/
void logout(UserEnums userEnums);
/**
* 登出
*
* @param userId 用户id
*/
void logout(String userId);
/**
* 修改会员是否拥有店铺
*

41
framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberServiceImpl.java
View File

@ -19,7 +19,6 @@ import cn.lili.common.security.token.Token;
import cn.lili.common.sensitive.SensitiveWordsFilter;
import cn.lili.common.utils.*;
import cn.lili.common.vo.PageVO;
import cn.lili.modules.connect.config.ConnectAuthEnum;
import cn.lili.modules.connect.entity.Connect;
import cn.lili.modules.connect.entity.dto.ConnectAuthUser;
import cn.lili.modules.connect.service.ConnectService;
@ -309,7 +308,8 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
this.save(member);
// 发送会员注册信息
applicationEventPublisher.publishEvent(new TransactionCommitSendMQEvent("new member register", rocketmqCustomProperties.getMemberTopic(), MemberTagsEnum.MEMBER_REGISTER.name(), member));
applicationEventPublisher.publishEvent(new TransactionCommitSendMQEvent("new member register", rocketmqCustomProperties.getMemberTopic(),
MemberTagsEnum.MEMBER_REGISTER.name(), member));
}
@Override
@ -456,7 +456,8 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
checkMember(memberAddDTO.getUsername(), memberAddDTO.getMobile());
//添加会员
Member member = new Member(memberAddDTO.getUsername(), new BCryptPasswordEncoder().encode(memberAddDTO.getPassword()), memberAddDTO.getMobile());
Member member = new Member(memberAddDTO.getUsername(), new BCryptPasswordEncoder().encode(memberAddDTO.getPassword()),
memberAddDTO.getMobile());
registerHandler(member);
return member;
}
@ -525,7 +526,8 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
memberPointMessage.setPoint(point);
memberPointMessage.setType(type);
memberPointMessage.setMemberId(memberId);
applicationEventPublisher.publishEvent(new TransactionCommitSendMQEvent("update member point", rocketmqCustomProperties.getMemberTopic(), MemberTagsEnum.MEMBER_POINT_CHANGE.name(), memberPointMessage));
applicationEventPublisher.publishEvent(new TransactionCommitSendMQEvent("update member point",
rocketmqCustomProperties.getMemberTopic(), MemberTagsEnum.MEMBER_POINT_CHANGE.name(), memberPointMessage));
return true;
}
return false;
@ -540,6 +542,10 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
updateWrapper.set("disabled", status);
updateWrapper.in("id", memberIds);
//如果是禁用
if (Boolean.FALSE.equals(status)) {
disableMemberLogout(memberIds);
}
return this.update(updateWrapper);
}
@ -680,8 +686,33 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
@Override
public void logout(UserEnums userEnums) {
String currentUserToken = UserContext.getCurrentUserToken();
AuthUser authUser = UserContext.getAuthUser(currentUserToken);
if (CharSequenceUtil.isNotEmpty(currentUserToken)) {
cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + currentUserToken);
cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums, authUser.getId()) + currentUserToken);
cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()) );
}
}
@Override
public void logout(String userId) {
cache.vagueDel(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MANAGER, userId));
cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(UserEnums.MANAGER, userId));
}
/**
* 禁用会员会员token删除
*
* @param memberIds 会员id
*/
public void disableMemberLogout(List<String> memberIds) {
if (memberIds != null) {
memberIds.forEach(memberId -> {
cache.vagueDel(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER, memberId));
cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(UserEnums.MEMBER, memberId));
});
}
}

7
framework/src/main/java/cn/lili/modules/permission/service/AdminUserService.java
View File

@ -107,4 +107,11 @@ public interface AdminUserService extends IService<AdminUser> {
*/
void logout(UserEnums userEnums);
/**
* 登出
*
* @param adminUserIds 用户id
*/
void logout(List<String> adminUserIds);
}

17
framework/src/main/java/cn/lili/modules/permission/serviceimpl/AdminUserServiceImpl.java
View File

@ -142,11 +142,24 @@ public class AdminUserServiceImpl extends ServiceImpl<AdminUserMapper, AdminUser
@Override
public void logout(UserEnums userEnums) {
String currentUserToken = UserContext.getCurrentUserToken();
AuthUser authUser = UserContext.getAuthUser(currentUserToken);
if (CharSequenceUtil.isNotEmpty(currentUserToken)) {
cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + currentUserToken);
cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums, authUser.getId()) + currentUserToken);
cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()));
}
}
@Override
public void logout(List<String> adminUserIds) {
if (adminUserIds == null || adminUserIds.isEmpty()) {
return;
}
adminUserIds.forEach(adminUserId -> {
cache.vagueDel(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MANAGER, adminUserId));
cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(UserEnums.MANAGER, adminUserId));
});
}
@Override
public AdminUser findByUsername(String username) {
@ -234,6 +247,8 @@ public class AdminUserServiceImpl extends ServiceImpl<AdminUserMapper, AdminUser
QueryWrapper<UserRole> queryWrapper = new QueryWrapper<>();
queryWrapper.in("user_id", ids);
userRoleService.remove(queryWrapper);
this.logout(ids);
}
/**

16
framework/src/main/java/cn/lili/modules/store/serviceimpl/StoreServiceImpl.java
View File

@ -9,6 +9,7 @@ import cn.lili.common.exception.ServiceException;
import cn.lili.common.properties.RocketmqCustomProperties;
import cn.lili.common.security.AuthUser;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.utils.BeanUtil;
import cn.lili.common.vo.PageVO;
import cn.lili.modules.goods.entity.dos.GoodsSku;
@ -227,7 +228,7 @@ public class StoreServiceImpl extends ServiceImpl<StoreMapper, Store> implements
} else {
store.setStoreDisable(StoreStatusEnum.REFUSED.value());
}
cache.remove(CachePrefix.STORE.getPrefix()+store.getId());
cache.remove(CachePrefix.STORE.getPrefix() + store.getId());
return this.updateById(store);
}
@ -244,6 +245,13 @@ public class StoreServiceImpl extends ServiceImpl<StoreMapper, Store> implements
if (update) {
goodsService.underStoreGoods(id);
}
//删除店员token
clerkService.list(new LambdaQueryWrapper<Clerk>().eq(Clerk::getStoreId, id)).forEach(clerk -> {
cache.vagueDel(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.STORE, clerk.getMemberId()));
cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(UserEnums.STORE, clerk.getMemberId()));
});
return update;
}
@ -371,7 +379,8 @@ public class StoreServiceImpl extends ServiceImpl<StoreMapper, Store> implements
clerkService.remove(new LambdaQueryWrapper<Clerk>().eq(Clerk::getShopkeeper, true));
List<Clerk> clerkList = new ArrayList<>();
//遍历已开启的店铺
for (Store store : this.list(new LambdaQueryWrapper<Store>().eq(Store::getDeleteFlag, false).eq(Store::getStoreDisable, StoreStatusEnum.OPEN.name()))) {
for (Store store : this.list(new LambdaQueryWrapper<Store>().eq(Store::getDeleteFlag, false).eq(Store::getStoreDisable,
StoreStatusEnum.OPEN.name()))) {
clerkList.add(new Clerk(store));
}
clerkService.saveBatch(clerkList);
@ -381,7 +390,8 @@ public class StoreServiceImpl extends ServiceImpl<StoreMapper, Store> implements
public List<GoodsSku> getToMemberHistory(String memberId) {
AuthUser currentUser = UserContext.getCurrentUser();
List<String> skuIdList = new ArrayList<>();
for (FootPrint footPrint : footprintService.list(new LambdaUpdateWrapper<FootPrint>().eq(FootPrint::getStoreId, currentUser.getStoreId()).eq(FootPrint::getMemberId, memberId))) {
for (FootPrint footPrint :
footprintService.list(new LambdaUpdateWrapper<FootPrint>().eq(FootPrint::getStoreId, currentUser.getStoreId()).eq(FootPrint::getMemberId, memberId))) {
if (footPrint.getSkuId() != null) {
skuIdList.add(footPrint.getSkuId());
}

11
manager-api/src/main/java/cn/lili/controller/passport/AdminUserManagerController.java
View File

@ -30,6 +30,7 @@ import org.springframework.web.bind.annotation.*;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import java.util.ArrayList;
import java.util.List;
@ -161,7 +162,7 @@ public class AdminUserManagerController {
@ApiOperation(value = "添加用户")
public ResultMessage<Object> register(@Valid AdminUserDTO adminUser,
@RequestParam(required = false) List<String> roles) {
int rolesMaxSize=10;
int rolesMaxSize = 10;
try {
if (roles != null && roles.size() >= rolesMaxSize) {
throw new ServiceException(ResultCode.PERMISSION_BEYOND_TEN);
@ -183,6 +184,14 @@ public class AdminUserManagerController {
}
user.setStatus(status);
adminUserService.updateById(user);
//登出用户
if (Boolean.FALSE.equals(status)) {
List<String> userIds = new ArrayList<>();
userIds.add(userId);
adminUserService.logout(userIds);
}
return ResultUtil.success();
}

5
manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
View File

@ -86,7 +86,8 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
//如果不是超级管理员 则鉴权
if (Boolean.FALSE.equals(authUser.getIsSuper())) {
//获取缓存中的权限
Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId());
Map<String, List<String>> permission =
(Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId());
//获取数据(GET 请求)权限
if (request.getMethod().equals(RequestMethod.GET.name())) {
@ -143,7 +144,7 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
//校验redis中是否有权限
if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MANAGER) + jwt)) {
if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MANAGER, authUser.getId()) + jwt)) {
//用户角色
List<GrantedAuthority> auths = new ArrayList<>();
auths.add(new SimpleGrantedAuthority("ROLE_" + authUser.getRole().name()));

10
seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java
View File

@ -51,7 +51,8 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
@SneakyThrows
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
ServletException {
//从header中获取jwt
String jwt = request.getHeader(SecurityEnum.HEADER_TOKEN.getValue());
//如果没有token 则return
@ -89,7 +90,7 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
//校验redis中是否有权限
if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.STORE) + jwt)) {
if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.STORE, authUser.getId()) + jwt)) {
//用户角色
List<GrantedAuthority> auths = new ArrayList<>();
auths.add(new SimpleGrantedAuthority("ROLE_" + authUser.getRole().name()));
@ -124,13 +125,14 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
//如果不是超级管理员 则鉴权
if (!authUser.getIsSuper()) {
//获取缓存中的权限
Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
Map<String, List<String>> permission =
(Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
//获取数据(GET 请求)权限
if (request.getMethod().equals(RequestMethod.GET.name())) {
//如果用户的超级权限和查阅权限都不包含当前请求的api
if (match(permission.get(PermissionEnum.SUPER.name()), requestUrl)
||match(permission.get(PermissionEnum.QUERY.name()), requestUrl)) {
|| match(permission.get(PermissionEnum.QUERY.name()), requestUrl)) {
} else {
ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足"));
log.error("当前请求路径:{},所拥有权限:{}", requestUrl, JSONUtil.toJsonStr(permission));